From owner-freebsd-security@freebsd.org  Wed Jul 22 06:58:11 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AC9EC9A8B44
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 22 Jul 2015 06:58:11 +0000 (UTC)
 (envelope-from gabor@zahemszky.hu)
Received: from smtp-3-out.integrity.hu (smtp-3-out.integrity.hu
 [212.52.165.213])
 by mx1.freebsd.org (Postfix) with ESMTP id 6F46615F4
 for <freebsd-security@freebsd.org>; Wed, 22 Jul 2015 06:58:10 +0000 (UTC)
 (envelope-from gabor@zahemszky.hu)
Received: from webmail.integrity.hu (mail-fe-1.integrity.hu [10.1.64.120])
 by mail-smtp.integrity.hu (Postfix) with ESMTPA id 391364012D
 for <freebsd-security@freebsd.org>; Wed, 22 Jul 2015 08:52:56 +0200 (CEST)
Received: from bXkdUhF/eMRoSQCeR3ef8ymmC8mIhhkV by webmail.integrity.hu
 with HTTP (HTTP/1.1 POST); Wed, 22 Jul 2015 08:52:56 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 22 Jul 2015 08:52:56 +0200
From: gabor@zahemszky.hu
To: <freebsd-security@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
In-Reply-To: <20150722025746.721831C32@freefall.freebsd.org>
References: <20150722025746.721831C32@freefall.freebsd.org>
Message-ID: <9acb8bbfb059c3e8d08ba20a41441714@zahemszky.hu>
X-Sender: gabor@zahemszky.hu
User-Agent: Roundcube Webmail/0.8.4
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 06:58:11 -0000

> IV.  Workaround
>
> No workaround is available, but systems that do not provide TCP based
> service to untrusted networks are not vulnerable.
>
> Note that the tcpdrop(8) utility can be used to purge connections 
> which
> have become wedged.  For example, the following command can be used 
> to
> generate commands that would drop all connections whose last rcvtime 
> is
> more than 100s:
>
> 	netstat -nxp tcp | \
> 	awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'
>
> The system administrator can then run the generated script as a 
> temporary
> measure.  Please refer to the tcpdump(8) manual page for additional
> information.

It should be tcpdrop(8), isn't it?

Zahy < Gabor at Zahemszky dot HU >